Remote Networking

Reply
Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Remote AP Speeds

I am getting complaints that our client VPN was faster than our RAP's. My initial thought was that the RAP-2WG's had a performance limitation due to lower end hardware. I did some testing and we got about 3500-4000 KB/s of traffic down and 900KB/s up. So we tested some RAP-5's and they got the same performance. Our VPN client can push almost 9000 KB/s on the same link.

We tested performance on 30/3 Cable, 30/30 Fiber, and 10/1 DSL and performance seems the same on all of them. I don't have any QOS rules or bandwidth throttling set on the user role.

Am I missing someplace where bandwidth is somehow capped on the RAP or controller or should I be looking elsewhere than the Aruba setup?
Aruba
Posts: 760
Registered: ‎05-31-2007

RAP Throughput

A few observations and comments about your post:

- The RAP-5 should outperform the RAP-2 in all metrics on the higher speed circuits you are mentioning below.

- I would not expect the performance to be 'the same' on each of the WAN ccts you have mentioned below on all tests of a given RAP. Definately sounds like something other than the end point hardware 'capping things' here.

- I assume you mean kbps rather than kBps in your original postings ;-)

For next steps I would recommend

- What does the VPN 'client' use for transport... is it IPSEC (like the RAPs) or is it SSL, PPTP etc ? If it's IPSEC then you have apples:apples, if its not then of course you don't. Knowing if we have a difference here we can focus in on the potential issue.

- When you connect via the VPN client and over the RAP device do you do so WIRELESSly in both cases ? or is one a wired VPN client and one a wireless VPN client ? If both wirelessly, what kind of WLAN network do you connect to when not the RAP's network ?

- If both VPN client and RAP tests are wireless, what is the encryption being used in each test ? Are they both the same in the RAP-2, RAP-5 and VPN client tests ? e.g. WPA-2 AES, WPA, etc...

This information will help flesh out next steps...


"I am getting complaints that our client VPN was faster than our RAP's. My initial thought was that the RAP-2WG's had a performance limitation due to lower end hardware. I did some testing and we got about 3500-4000 KB/s of traffic down and 900KB/s up. So we tested some RAP-5's and they got the same performance. Our VPN client can push almost 9000 KB/s on the same link.

We tested performance on 30/3 Cable, 30/30 Fiber, and 10/1 DSL and performance seems the same on all of them. I don't have any QOS rules or bandwidth throttling set on the user role.

Am I missing someplace where bandwidth is somehow capped on the RAP or controller or should I be looking elsewhere than the Aruba setup? "
Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds




That was my thought as well, it seemed too regular which made me think it was either a performance limit of the RAP-2WG's (Since dis-proven) or some form of QOS.




Yes sorry!






It is IPSEC using NAT-T on UDP 4500 just like the RAP. The specific client is Juniper Network Connect




Both run over wired connections. When testing with the RAP I use a wired connection to the RAP and the RAP connects directly to the ISP. With the VPN Client I run it from a laptop directly connected to the ISP.




I am using wired in my testing however one note on the RAP wired, I am using NAC on that port with machine and user authentication. It shows up as XSec wired on the controller.

I am also in parallel looking upstream to see if something we have might be doing something like Fair-queuing but no luck so far.

Thank you!

Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds




I am using a webserver hosting a 500 neg file and downloading it via wget. I can do FTP as well if you think it is a better test.




I am using wired for testing and it the MTU on the NIC is the default (1500).




The RAP-5 is set to 5Ghz but I am testing on wired, though wireless shows similar speeds.

Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds


Ok, the only other thing that comes to mind is latency. Whereas your bandwidth can be a bottle neck in low latency situations, the biggest factor that I have seen in "performance" issues is mostly related to latency. I work at an MSO, when we have "on network" users, (users with less than 10 ms pings to the controller) they report "LAN like" connectivity. When we have remote users that are over a cellular card or in different parts of the country (70 ms or greater latency) we are down to 2-4 Mbps of throughput with minor connectivity issues (jitter specifically on phone calls). If latency is not an issue in your environment then I really have no other idea's other than trying to change the MTU on the workstation.

Here is a link to an effective tool that will help you determine what your expected throughput will be relative to latency and loss.
http://www.silver-peak.com/calculator/




Thank you for this information, I think this is the case we are seeing here. These users all have between 30 to 100ms of latency to the controller and their speeds are reduced accordingly. At the suggestion of Aruba support I have been playing with iperf and what stands out is that TCP is about 500Kb/s max but UDP is maxing out the local bandwidth. This makes sense but I wonder why our VPN client doesn't have this issue, maybe it does some sort of optimization? Is there any options we may have with QOS to improve this situation?
Contributor I
Posts: 32
Registered: ‎06-30-2009

RAP Throughput / Remote AP Performance




Did you ever come to a conclusion as to why the RAP performance does not match the VPN client performance.

We have a similar issue and are being asked the same questions.

All WIRED PORT testing.... RAP2 is connected to a M3 running the last version of RAP code (3.3.x.x.x.).

We use Juniper Network Connect / SSL VPN and RAP-2s at some SOHO locations

Here is a description of some testing performed by one of our developers

"I’ll try at different times of the day too, but so far that’s never affected what I see more than 1 or 2 hundred K at most… Juniper SSL VPN/Network Connect is always at least 2x’s faster than aruba, and speedtest is always 3-5 times faster than Juniper"

Through the IP phone/aruba this morning, 590KB/s

Through aruba, no phone, 564KB/s

Through ybconnect outside aruba: 1.3MB/s

Speedtest.net 5.23MB/s

We are about to begin a round of testing to produce solid results and then contact ARUBA to discuss potential options based on the results of the testing...

Thanks for any info you can provide

Vinson

Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds


Did you ever come to a conclusion as to why the RAP performance does not match the VPN client performance.

We have a similar issue and are being asked the same questions.

All WIRED PORT testing.... RAP2 is connected to a M3 running the last version of RAP code (3.3.x.x.x.).

We use Juniper Network Connect / SSL VPN and RAP-2s at some SOHO locations

Here is a description of some testing performed by one of our developers

"I’ll try at different times of the day too, but so far that’s never affected what I see more than 1 or 2 hundred K at most… Juniper SSL VPN/Network Connect is always at least 2x’s faster than aruba, and speedtest is always 3-5 times faster than Juniper"

Through the IP phone/aruba this morning, 590KB/s

Through aruba, no phone, 564KB/s

Through ybconnect outside aruba: 1.3MB/s

Speedtest.net 5.23MB/s

We are about to begin a round of testing to produce solid results and then contact ARUBA to discuss potential options based on the results of the testing...

Thanks for any info you can provide

Vinson




We never found a solution, we have a ticket open now and it is supposedly with engineering. One item I plan on testing is the MTU on the RAP itself to see if there is fragmentation issues.
Contributor I
Posts: 32
Registered: ‎06-30-2009

Re: Remote AP Speeds




The is what we have so far from our testing....

Using 3200 Test controller running v5.0.2.1. Transfer uncompressed rar file (various files types in the file) file size: 261914332 bytes

Log on to ftp server from PC, perform a “get” of the file (pull)
PC WIRED to Rap5 located in our office
1st attempt: 28.72 secs @ 9121.17 Kbytes/sec
2nd attempt: 27.10 secs @ 9665.81 Kbytes/sec
3rd attempt: 27.17 secs @ 9639.13 Kbytes/sec

PC WIRED to Rap2 located in our office
1st attempt: 445.62 secs @ 587.76 Kbytes/sec
2nd attempt: 449.97 secs @ 582.07 Kbytes/sec
3rd attempt: 446.15 secs @ 587.05 Kbytes/sec

Log on to ftp server from PC, perform a “put” of the file (push)
PC WIRED to Rap5 located in our office
1st attempt: 29.21 sec @ 8965.68 Kbytes/sec
2nd attempt: 31.34 sec @ 8357.19 Kbytes/sec
3rd attempt: 31.34 sec @ 8357.19 Kbytes/sec

PC WIRED to Rap2 located in our office
1st attempt: 461.29 sec @ 567.79 Kbytes/sec
2nd attempt: 459.46 sec @ 570.05 Kbytes/sec
3rd attempt: 459.49 sec @ 570.02 Kbytes/sec

Basically all i did was move the cables between the RAP5 & RAP 2

While it shows somewhat consistent performance on both platforms, the RAP2 is MUCH slower than expected.

I know that SSL VPN, while similar is a different animal than IPSec VPNs but that does not explain the # we are seeing. I thought I read somewhere that RAP2 is supposed to do 1 - 2mb/s over IPSec?

I am going to try testing with the VIA client as well as open a TAC case.

Anyone else think there is something strange about these results?

Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds

In my case even on a RAP5 I get performance like what you see with the RAP2. I am still waiting on a response but I am at a loss as to what is causing the issue. I have never tested the RAP in the office though.
Occasional Contributor II
Posts: 45
Registered: ‎04-06-2010

Re: Remote AP Speeds

Looks like my issues were caused by a duplex mismatch between the controller and the switch. Once we fixed that our performance went up significantly.
Search Airheads
Showing results for 
Search instead for 
Did you mean: